<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Book Entry Results</title>
    </head>
    <body>
        <h1>Book Entry Results</h1>
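        <?php
        // Handles the book-entry form: validates the four POSTed fields and
        // inserts one row into the `books` table through a prepared statement.

        // Collect the submitted fields. A key that is missing, or that is not a
        // plain string (for example an array posted as isbn[]), is treated as
        // empty so it falls into the "not filled in" branch below instead of
        // raising an undefined-index notice or a type error.
        $fields = array('isbn' => '', 'author' => '', 'title' => '', 'price' => '');
        foreach ($fields as $name => $unused) {
            if (isset($_POST[$name]) && is_string($_POST[$name])) {
                $fields[$name] = trim($_POST[$name]);
            }
        }
        $isbn   = $fields['isbn'];
        $author = $fields['author'];
        $title  = $fields['title'];
        $price  = $fields['price'];

        // Same emptiness test as before, plus a numeric check on the price so a
        // non-numeric value is rejected rather than silently stored as 0.
        if (!$isbn || !$author || !$title || !$price || !is_numeric($price)) {
            echo "您未填写内容，请返回重试";
            exit;
        }

        // The values are bound as parameters, so they travel separately from
        // the SQL text and must NOT be passed through addslashes(): doing so
        // would store literal backslashes in the table. The former
        // get_magic_quotes_gpc() guard is dropped as well; that function no
        // longer exists in PHP 8 and calling it is a fatal error there.
        $price = (float) $price;

        // Make mysqli report failures through return values on every PHP
        // version, so the explicit checks below are what the user sees rather
        // than an uncaught exception (and its stack trace).
        mysqli_report(MYSQLI_REPORT_OFF);

        // NOTE(review): the database credentials are hard-coded in a file the
        // web server executes. Load them from configuration kept outside the
        // document root, and give the account only the privileges this page
        // needs (INSERT on books).
        // The @ keeps a failed connection from printing a PHP warning that
        // names the host and account.
        @$db = new mysqli("localhost", "book", "admin", "books");
        if (mysqli_connect_errno()) {
            echo "连接数据库错误";
            exit;
        }

        /*
        Earlier string-concatenated version, kept for comparison. Do not
        restore it: it builds the SQL text from request data.

        $query="insert into books values ('".$isbn."','".$author."','".$title."','".$price."')";
        $result=$db->query($query);
        if($result){
            echo $db->affected_rows."book inserted into database";
        } else {
            echo "an error has occurred.the item was not added";
        }
        $db->close();
        */

        $query = "insert into books values(?, ?, ?, ?)";

        // prepare() returns false on failure (bad SQL, missing table, lost
        // connection); calling bind_param() on false would be a fatal error.
        $stmt = $db->prepare($query);
        if ($stmt === false) {
            // Details go to the server log only, never to the response.
            error_log("book insert: prepare failed: " . $db->error);
            echo "an error has occurred.the item was not added";
            $db->close();
            exit;
        }

        // "sssd": three strings (isbn, author, title) and one double (price).
        $stmt->bind_param("sssd", $isbn, $author, $title, $price);

        if ($stmt->execute()) {
            // Number of rows inserted.
            echo $stmt->affected_rows;
        } else {
            error_log("book insert: execute failed: " . $stmt->error);
            echo "an error has occurred.the item was not added";
        }

        $stmt->close();
        $db->close();

        /*
        // Legacy mysql extension (removed in PHP 7), kept only as a reference
        $db=mysql_connect("localhost","user","password");
        mysql_select_db("database");
        $query("select * from table");
        $result=mysql_query($query);
        */
        ?>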

    </body>
</html>
